Penetration Testing Fusion Course

This course was built by penetration testers that each have delivered over 300 professional engagements and managed teams of penetration testers for people who want to join the field.

By the end of the course, you will know:

How to identify and exploit them all the major web and infrastructure vulnerabilities

How and when to use the major penetration testing tools

Professional methodologies to deliver web and infrastructure penetration tests

How to write professional penetration testing proposals and reports

What it takes to become a consultant that adds value to customers

What it takes to get hired by an organization that needs penetration testers

Course Outcome:

By completing this Fusion Course, you will become a qualified professional penetration tester capable of delivering web application and infrastructure penetration tests.

Once you have completed all the exercises in this training, you will be required to pass a final online assessment to receive the MPT – Certified Penetration Tester.

Intended Audience:

Students who want to become professional penetration testers.

Trainer:

This course is taught by experienced Mossé Security’s instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services for a multitude of industries that have involved complex and multi-faceted approaches. Our instructors each possess the right balance of corporate experience and are competently skilled in presenting and teaching to groups.

Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.

Course Outline

Module 1: The Professional Penetration Tester

We begin the course by imparting what customers and organisations expect from professional penetration testers. Finding vulnerabilities is only one aspect of the job. People will expect a lot more from you.

By the end of this module, you will know exactly what your mandate is and what it takes to become a respected penetration tester capable of delivering high-value engagements that leave customers delighted.

Module 2: Penetration Testing Methodologies

Penetration testers must operate in a way that provides the client high-levels of assurance that scope of work has been covered and that all assets have been comprehensively tested.

In this module we teach you multiple structured approaches and methodologies that can provide these guarantees.

Adopting the right ways of the working early in your career will accelerate your success.

Module 3: Application Vulnerabilities

In this module, we introduce you to the major application vulnerabilities you are likely to encounter in your career. Some of the areas covered:

The OWASP Top 10 vulnerabilities for web application and mobile

Application design and architecture vulnerabilities

Memory corruption vulnerabilities

Reverse engineering network protocols

We will also share with you what we believe are the root causes of many of these vulnerabilities. We then provide you with guidance on how to offer security advice to customers that are affected by these vulnerabilities and that want to resolve them.

Module 4: Infrastructure Vulnerabilities

Here we introduce the major infrastructure vulnerabilities that you will be expected to test for. Examples of subjects covered in this module include:

The Kill Chain model

Unauthorised credential access

Persistence, privilege escalation and lateral movement

Common enterprise network vulnerabilities

Here we will also provide high-level guide on how to provide security advice to customers.

Module 6: Writing a Proposal

In this module, we impart a simple formula and structure to prepare penetration testing proposals that win work.

Module 7: Writing a Report

The advice that you provide in your report is what the customer is paying for. Hence, your reports must be top-notch. In this module, we share our experience writing hundreds of reports that have delighted customers. Some of the subjects covered include:

Report structure

How to write the Executive Summary

How to translate technical risks into business risks

How to structure findings

Security recommendations and advice

Module 8: Interviewing for Penetration Testing Roles

Finally, we end the course by sharing advice on how to apply and get hired as a penetration tester:

How to select an organization in line with your values and where you want your career to grow

How to apply for a junior penetration tester role in a way that they’ll be more likely to say “yes”

What you should include in your CV and application letter

The right attitude to have during the interview

Questions that you should ask them to confirm that the Company culture is right for you

We will also impart some guidance on how to work effectively with recruiters to maximize your chances of landing a job with the right organisation for you.

Fees

Choose to attend the lectures in a classroom environment or via online webinars:

Certification Fees

Your first attempt at the certification is free.

Any additional attempts is charged at $149 AUD per attempt.

From time to time, Mossé Cyber Security Institute may publish a new major version of the certification. Students can elect to retake the online assessment at a cost of $149 AUD to maintain the currency of their certification.

Terms and Conditions (Classroom Training)

Payment methods are either booking online via Event Brite or contacting us for an invoice.

Payment is required at the time of booking.

Cancellation notifications after 14 days prior to course commencement date are not eligible for refund.

Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.

Students are allowed 1 reschedule per class. Transfers received between 15 – 28 days prior to course commencement will be charged a $300 (incl GST) administrative fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.

Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.

Payment must be made in full prior to any rescheduling.

Student substitutions can be made in writing 48 hours prior to a class start.

If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited.
Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.

Programming Skills

We recommend that you have some experience in software programming prior to registering for this course.

The preferred programming languages for this course include: Python, PHP, SQL, and some basic C.

Here's a list of things for you to confirm whether you're at the right level:

Write basic web applications in PHP or something equivalent

Have used and configured a database such as MySQL

Have written authentication pages and code to manage user sessions

Be comfortable with command line utilities and tools

Be capable of installing Windows and Linux virtual machines in something like VirtualBox